<?php #//v.3.3.0
#///////////////////////////////////////////////////////
#//  COPYRIGHT 2004 Phpauction.org ALL RIGHTS RESERVED//
#///////////////////////////////////////////////////////

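// Bootstrap: site configuration, the login include, and the message / country
// tables. These are loaded with require rather than include so that a missing
// or unreadable file stops the request instead of raising a warning and
// letting the rest of this admin page run without it.
require "../includes/config.inc.php";
// NOTE(review): presumably the admin session check; confirm. It is the one
// include here that must never be skipped silently.
require "loggedin.inc.php";
require $include_path."messages.inc.php";
require $include_path."countries.inc.php";

// Current server time with the hour shifted by the configured correction;
// used further down to pre-fill the date field of the form.
$TIME = mktime(date("H")+$SETTINGS['timecorrection'],date("i"),date("s"),date("m"), date("d"),date("Y"));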

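if(!empty($_POST['action']) && phpa_securepost($_POST))
{
	// Handles the "add news" form post: validate the fields, sanitize the HTML
	// bodies, store the news item plus one row per language, then redirect.
	// The request only gets here when phpa_securepost() accepts it.

	// Server-side HTML sanitizer for the news bodies. Both branches allow the
	// same element whitelist; which implementation is loaded depends on PHP_4.
	if (!PHP_4)
	{
		require_once './htmlpurifier/library/HTMLPurifier.auto.php';
		$config = HTMLPurifier_Config::createDefault();
		$config->set('Core', 'Encoding', 'ISO-8859-1');
		$config->set('HTML', 'Doctype', 'HTML 4.01 Transitional');
		$config->set('HTML', 'AllowedElements', 'div,a,em,blockquote,p,code,pre,table,font,tbody,td,tr,b,strong,u,ul,li,ol');
		$purifier = new HTMLPurifier($config);
	}
	else
	{
		require_once './class/phpauction_purify.php';
		$purifier = new HTMLPurifier();
		$purifier->allowed_tags(array("div","a","em","blockquote","p","code","pre","table","font","tbody","td","tr","b","strong","u","ul","li","ol" ));
	}

	// Read the posted fields with explicit type checks: the date must be a
	// plain string, titles and bodies must be arrays keyed by language code.
	// Anything else is treated as missing instead of being used as-is.
	$news_date     = (isset($_POST['new_date']) && is_string($_POST['new_date'])) ? $_POST['new_date'] : '';
	$news_titles   = (isset($_POST['title']) && is_array($_POST['title'])) ? $_POST['title'] : array();
	$news_contents = (isset($_POST['content']) && is_array($_POST['content'])) ? $_POST['content'] : array();
	$default_lang  = $SETTINGS['defaultlanguage'];

	if(!$news_date || !$news_titles || !$news_contents){
		$ERR = "ERR_112";
	}elseif(!preg_match('#^[0-9]{2}/[0-9]{2}/[0-9]{4}$#D', $news_date)){
		// Exactly NN/NN/NNNN; the D modifier rejects a trailing newline.
		$ERR = "ERR_117";
	}else{
		// Reorder to YYYYMMDD. The pattern above guarantees $date is digits
		// only, which is why it can go into the query unquoted.
		if($SETTINGS['datesformat'] != "USA"){
			$date = substr($news_date,6,4).substr($news_date,3,2).substr($news_date,0,2);
		}else{
			$date = substr($news_date,6,4).substr($news_date,0,2).substr($news_date,3,2);
		}

		$raw_title   = (isset($news_titles[$default_lang]) && is_string($news_titles[$default_lang])) ? $news_titles[$default_lang] : '';
		$raw_content = (isset($news_contents[$default_lang]) && is_string($news_contents[$default_lang])) ? $news_contents[$default_lang] : '';
		$suspended   = isset($_POST['suspended']) ? intval($_POST['suspended']) : 0;

		// NOTE(review): stripslashes() assumes magic_quotes_gpc is on; confirm.
		$clean_html = $purifier->purify(stripslashes($raw_content));

		// Every string value is escaped for the current MySQL connection.
		// mysql_real_escape_string() uses the same default link as
		// mysql_query() below (presumably opened by config.inc.php; confirm).
		$query = "INSERT INTO PHPAUCTIONXL_news VALUES(NULL,'".mysql_real_escape_string(htmlentities($raw_title, ENT_COMPAT, 'ISO-8859-1'))."','".mysql_real_escape_string($clean_html)."',$date,".$suspended.")";
		$res = mysql_query($query);
		if(!$res){
			// Stop here: without the parent row there is no id to attach the
			// translations to. Falling through re-displays the form with the
			// error instead of redirecting as if the insert had worked.
			$ERR = "ERR_001";
		}else{
			$news_id = intval(mysql_insert_id());

			#// Insert into translation table.
			foreach($LANGUAGES as $k => $v){
				$raw_title   = (isset($news_titles[$k]) && is_string($news_titles[$k])) ? $news_titles[$k] : '';
				$raw_content = (isset($news_contents[$k]) && is_string($news_contents[$k])) ? $news_contents[$k] : '';

				// Purified once from the raw post value, then escaped. The
				// sanitized HTML can still contain quotes, so it must not be
				// concatenated into the statement unescaped.
				$clean_html = $purifier->purify(stripslashes($raw_content));
				$query = "INSERT INTO PHPAUCTIONXL_news_translated VALUES(
					$news_id,
					'".mysql_real_escape_string($k)."',
					'".mysql_real_escape_string(htmlentities($raw_title, ENT_COMPAT, 'ISO-8859-1'))."',
					'".mysql_real_escape_string($clean_html)."')";
				// Best effort, as before: a failed translation row does not
				// abort the request. @ keeps a warning from being written
				// before the Location header is sent.
				$res = @mysql_query($query);
			}
			Header("Location: news.php");
			exit;
		}
	}
}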

?>
<HTML>
<HEAD>
<link rel='stylesheet' type='text/css' href='style.css' />
<script type="text/javascript" src="../js/tinymce/jscripts/tiny_mce/tiny_mce.js"></script>
<script type="text/javascript">
// Turns every <textarea> on this page into a TinyMCE rich-text editor
// (advanced theme, table plugin, three toolbar rows docked top-left).
tinyMCE.init({
	mode : "textareas",
	theme : "advanced",
	language: "en",
	plugins : "table",
	theme_advanced_buttons1 : "backcolor, forecolor, bold,italic,underline,separator,strikethrough,justifyleft,justifycenter,justifyright, justifyfull,bullist,numlist,undo,redo,link,unlink",
	theme_advanced_buttons2 : "fontselect, fontsizeselect, image",
	theme_advanced_buttons3 : "tablecontrols",
	theme_advanced_toolbar_location : "top",
	theme_advanced_toolbar_align : "left",
	// NOTE(review): this is the string "false", not the boolean false; verify
	// the editor treats it as "off".
	force_br_newlines : "false",
	// NOTE(review): this list lets the editor keep inline event-handler
	// attributes (onclick, onmouseover, onmouseout) and style attributes. It
	// only shapes what the editor emits in the browser and is not a filter:
	// the POST handler in this file runs the submitted content through
	// HTMLPurifier with its own element whitelist before storing it, and that
	// server-side pass is what decides what is saved.
	extended_valid_elements : "a[name|href|target|title|onclick],img[class|src|border=0|alt|title|hspace|vspace|width|height|align|onmouseover|onmouseout|name],hr[class|width|size|noshade],font[face|size|color|style],span[class|align|style]"
});
</script>
<link href="css/main.css" rel="stylesheet" type="text/css">
</HEAD>
<body bgcolor="#FFFFFF" text="#000000" link="#0066FF" vlink="#666666" alink="#000066" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
  <tr> 
    <td>
		<table width="100%" border="0" cellspacing="0" cellpadding="0" class="titulo">
        <tr> 
          <td class="icono"><img src="images/content_icon2.gif" width="28" height="27" ></td>
          <td class="breadcrumbs"><p><span><?=$MSG_25_0018?></span>&nbsp;&gt;&gt;&nbsp;<?=$MSG_516?></p></td>
        </tr>
      	</table>
	</td>
  </tr>
  <tr>
    <td align="center" valign="middle">&nbsp;</td>
  </tr>
    <tr> 
    <td align="center" valign="middle">
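		<FORM NAME=addnew ACTION="<?php
			/* PHP_SELF carries whatever path the client requested, so the value
			   is HTML-escaped before it is written into the attribute. The
			   charset matches the ISO-8859-1 encoding used by this page's
			   HTML sanitizer configuration. */
			print htmlspecialchars(basename($_SERVER['PHP_SELF']), ENT_QUOTES, 'ISO-8859-1');
		?>" METHOD="POST">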
		<TABLE WIDTH="95%" BORDER="0" CELLSPACING="0" CELLPADDING="0" >
		<TR>
		<TD>
			<TABLE WIDTH=100% CELLPADDING=0 CELLSPACING=0 BORDER=0 class="base">
			<TR>
	 		<TD ALIGN=CENTER COLSPAN=2 class=title>
				<p><? print $MSG_518; ?></p>
				
	 		</TD>
			</TR>
			<?
			// Status row: prints the message variable named by $ERR (for
			// example $ERR_112) and/or the fixed "updated" notice.
			// NOTE(review): $updated is never assigned in this file and $ERR
			// only inside the POST branch; confirm an include initialises
			// them, since $$ERR prints whichever variable $ERR names.
			if($ERR || $updated){
				echo "<TR><TD>&nbsp;</TD><TD WIDTH=486>";
				if($$ERR){
					echo $$ERR;
				}
				if($updated){
					echo "Auction data updated";
				}
				echo "</TD></TR>";
			}
			?>


			<TR  BGCOLOR=#FFFFFF>
	 		 <TD WIDTH="125" VALIGN="top">
			<p class="blue">	<? print "$MSG_522 *"; ?></p>
	  		</TD>
	  		<TD WIDTH="486">
	  		<?
	  		// Default value for the date field and the format hint printed next
	  		// to it; the day/month order follows the site's date-format setting.
	  		if ($SETTINGS['datesformat'] == "USA") {
	  			$DATE = Date("m/d/Y", $TIME);
	  			$SAMPLE = " (mm/dd/yyyy)";
	  		} else {
	  			$DATE = Date("d/m/Y", $TIME);
	  			$SAMPLE = " (dd/mm/yyyy)";
	  		}
	  		?>
			<INPUT TYPE=text NAME=new_date SIZE=10 MAXLENGTH=10 VALUE="<?=$DATE;?>"> <?=$SAMPLE?>
	  		</TD>
			</TR>
			<TR BGCOLOR=#FFFFFF valign=top>
	  		<TD WIDTH="125" VALIGN="top" class="gris">
			<p class="blue"><? print "$MSG_519 *"; ?></p>
	  		</TD>
	  		<TD WIDTH="486" class="gris">
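			<IMG SRC="../includes/flags/<?=$SETTINGS['defaultlanguage']?>.gif">&nbsp;<INPUT TYPE=text NAME=title[<?=$SETTINGS['defaultlanguage']?>] SIZE=40 MAXLENGTH=255 VALUE="<?php
				/* Re-display the default-language title after a failed post.
				   The field is posted as title[<language>], so the matching
				   array element is printed rather than the array itself, and it
				   is HTML-escaped because it comes straight from the request. */
				print (isset($_POST['title']) && is_array($_POST['title'])
					&& isset($_POST['title'][$SETTINGS['defaultlanguage']])
					&& is_string($_POST['title'][$SETTINGS['defaultlanguage']]))
					? htmlspecialchars($_POST['title'][$SETTINGS['defaultlanguage']], ENT_QUOTES, 'ISO-8859-1')
					: '';
			?>">
			<?
				// One empty title field per additional language; the default
				// language already has its field above.
				reset($LANGUAGES);
				while(list($k,$v) = each($LANGUAGES)){
					if($k==$SETTINGS['defaultlanguage']) continue;
					print "<BR><IMG SRC=../includes/flags/".$k.".gif>&nbsp;<INPUT TYPE=text NAME=title[$k] SIZE=40 MAXLENGTH=255 VALUE=>";
				}
			?>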
	  		</TD>
			</TR>

			<TR BGCOLOR=#FFFFFF>
	  		<TD WIDTH="125" VALIGN="top">
			<p class="blue"><? print "$MSG_520 *"; ?></p>
	  		</TD>
	  		<TD WIDTH="486">
			<IMG SRC="../includes/flags/<?=$SETTINGS['defaultlanguage']?>.gif"><BR />
			<TEXTAREA NAME=content[<?=$SETTINGS['defaultlanguage']?>] COLS=65 ROWS=20></TEXTAREA>
			<?
				// One empty editor textarea per additional language; the
				// default language's textarea is emitted just above this block.
				reset($LANGUAGES);
				while(list($k,$v) = each($LANGUAGES)){
					if($k==$SETTINGS['defaultlanguage']){
						continue;
					}
					echo "<BR><IMG SRC=../includes/flags/".$k.".gif><BR /><TEXTAREA NAME=content[$k] COLS=65 ROWS=20></TEXTAREA>";
				}
			?>
	  		</TD>
			</TR>

			<TR BGCOLOR=#FFFFFF>
	  		<TD WIDTH="125" VALIGN="top">
			<p class="blue"><? print "$MSG_521 *"; ?></p>
	  		</TD>
	  		<TD WIDTH="486">
			<INPUT TYPE=radio NAME=suspended value=0
			<?
			// Pre-select the radio matching the posted "suspended" value. The
			// comparison is loose, so a request without the field selects 0.
			if($_POST[suspended] == 0){
				echo " CHECKED";
			}
			?>
			>
			<? echo $MSG_030; ?>
			<INPUT TYPE=radio NAME=suspended value=1
			<?
			if($_POST[suspended] == 1){
				echo " CHECKED";
			}
			?>
			> <? echo $MSG_029; ?>
	  		</TD>
			</TR>

			<TR BGCOLOR=#FFFFFF>
	  		<TD WIDTH="125" VALIGN="top" class="gris">&nbsp;
		
			  </TD>
	  		<TD WIDTH="486" class="gris">
			<INPUT TYPE="submit" VALUE="<?=$MSG_518?>" class="action">
	  		</TD>
			</TR>
		</TABLE>
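		<?php
			/* The hidden fields below echo request and session values into HTML
			   attributes. Each one is HTML-escaped (quotes included) so that a
			   crafted query string cannot break out of the attribute; values
			   that are not plain strings are emitted as empty. */
		?>
		<INPUT type="hidden" NAME="id" VALUE="<?php echo (isset($_GET['id']) && is_string($_GET['id'])) ? htmlspecialchars($_GET['id'], ENT_QUOTES, 'ISO-8859-1') : ''; ?>">
		<INPUT type="hidden" NAME="offset" VALUE="<?php echo (isset($_GET['offset']) && is_string($_GET['offset'])) ? htmlspecialchars($_GET['offset'], ENT_QUOTES, 'ISO-8859-1') : ''; ?>">
		<INPUT type="hidden" NAME="action" VALUE="addnew">
		<INPUT TYPE="hidden" NAME="security" VALUE="<?php echo (isset($_SESSION['security']) && is_string($_SESSION['security'])) ? htmlspecialchars($_SESSION['security'], ENT_QUOTES, 'ISO-8859-1') : ''; ?>" />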

		</TD>
		</TR>
		</TABLE>	
		</FORM>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>
